About IPsec Interface

young19918 · ‎18-May-2023

Hello,

When I was building IPsec Interface I found that I could not select the option I wanted...

But I've obviously put this option up ....

Why can't I select it in " Tunnels : Profiles : IPsec Interface" ?

Any help is appreciate....

Paulius · ‎18-May-2023

@young19918 I would imagine that you have to change the order and place the traffic selector that you created before the default one. Typically what happens is selectors are used from top to bottom on most devices so this could be what is causing the F5 to not allow you to select the other one in your options.

young19918 · ‎19-May-2023

@Paulius ,

Thanks for your reply.

After I changed the order ,I still can't choose...

Paulius · ‎19-May-2023

@young19918 Can you provide the rest of the associated configuration for this IPsec VPN? From my understanding the following is all that should be configured, assuming you have done all the prerequisits such as a self-IP.

1. Create a forwarding virtual server for IPsec. This should listen on destination 0.0.0.0/0, all ports, all protocols, and all vlans and tunnels
2. Create an IKE peer
3. Create an IPsec policy
4. Create an IPsec traffic selector. Make sure this one is above the default.

The following article might help you in this configuration.

https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-tmos-tunnels-ipsec-13-0-0...